00:00:00:00 - 00:00:13:04
Monica Verma
You see, it's a struggle that a lot of people say. So many times you cannot be in cybersecurity if you're not a technical expert. And to me, that makes no sense.

00:00:13:11 - 00:00:18:08
Naomi Buckwalter
When people say, like, you cannot start in cybersecurity without being a technical expert. That's where I disagree.

00:00:19:02 - 00:00:27:18
Monica Verma
Everyone, good morning. Good afternoon. Good evening. Welcome to today's episode. Today we have a very fantastic guest. So let's welcome her on board.

00:00:31:11 - 00:00:34:00
Monica Verma
Hi, Naomi. How you doing? Welcome to the podcast show today.

00:00:34:19 - 00:00:36:24
Naomi Buckwalter
Hi, Monica. I'm so excited to be here.

00:00:37:09 - 00:00:47:17
Monica Verma
Really great to have you on the show today. Let's maybe jump right into it. But before we do that, can you say something about yourself and maybe share a fun fact for the audience?

00:00:48:11 - 00:01:16:24
Naomi Buckwalter
Yeah. So my name is Naomi Buckwalter. I've been in IT and security for over 20 years. So I would say I am pretty old. I have done all kinds of things. I started as a software engineer, moved into application security, moved into various other roles, and now I'm in a security leadership role. And my special thing about me, I would say, let's see, I was born with something called Perfect Pitch.

00:01:16:24 - 00:01:36:12
Naomi Buckwalter
And I think it's funny because not a lot of people have this ability and I thought my entire life that everyone could do this, but it's essentially just hearing a note and telling you what it is and but what's ironic is I can't sing, so I can tell you what note you are singing, but I can't sing myself.

00:01:36:14 - 00:01:41:20
Naomi Buckwalter
So it's yeah, quite useless. But it is something that sometimes not a lot of people know about me.

00:01:42:22 - 00:02:19:03
Monica Verma
Fantastic. It's really interesting, though. A lovely welcome to the show today. So let's jump right into the episode. Let's talk first from a talent perspective, talent gap on one hand, we're seeing companies struggle with finding talent in cybersecurity, privacy or the industry that we are in today and what we call as talent gap. Right. But on the other hand, we're also seeing that we are not able to really find the right talent or that we have talent, that there are people who are looking for the jobs within the industry, but are not able to find them.

00:02:19:10 - 00:02:41:11
Monica Verma
So we see the complaint from that perspective as well, in the sense that people are actually struggling to get into the industry and they're struggling to also move into the different roles and especially leadership roles within the industry. How do these two things actually make sense together? Should they be mutually exclusive? What is actually going on? Do we really have a talent gap?

00:02:42:04 - 00:03:01:09
Naomi Buckwalter
Oh, my gosh. This question. Great question. I don't think we have a talent gap I think there's plenty of talented people out there who are looking to break into cybersecurity. The problem is we don't have enough demand for the entry level folks. Now, where is the demand? The demand is all in the mid senior or senior level and above roles.

00:03:01:09 - 00:03:33:02
Naomi Buckwalter
And I know this because I analyzed 1000 LinkedIn jobs and I parsed out the information for each job description and how many years of experience. And it turns out, I think only about 10% of all open roles for security are for entry level or below. So those internships in this part time roles. And so what we're seeing is just an incredible supply for the entry level folks not getting met because there is no demand for that very basic

00:03:33:08 - 00:03:57:15
Naomi Buckwalter
economics one on one. But why is that? Why do we have so few entry level folks getting jobs? It's because people don't really understand that you can't just have a senior level person pop into being. They can't just start from that. No one is born knowing all the things that these job descriptions are asking for and it's kind of it's hurting us.

00:03:57:15 - 00:04:14:08
Naomi Buckwalter
So a lot of people don't realize this, but you can learn cybersecurity. Like think about how we started, Monica, like we didn't, we didn't just learn this after a day like we it took us a few years, you know, we got to kind of our wheels under us and we start going. But we started learning. And that's the thing.

00:04:14:09 - 00:04:29:12
Naomi Buckwalter
Like anyone can learn this, some people can learn it more quickly. And I'll say, like, I'm I'm a fairly intelligent person. I think I was able to pick it up pretty easily. But there are so many people who are way more intelligent than I am Monica. There are so many smart people out there and I've talked to so many of them.

00:04:29:23 - 00:04:55:12
Naomi Buckwalter
Some people, they come from different backgrounds. There's one lady she came from on a marketing team and she passed her security pass after two weeks of studying. Like, to me, that's incredible. Just that kind of level of intelligence and talent is out there. But hiring managers refused to give people like that a chance. And it's so hard for these folks to show what they can do because the hiring managers don't see their potential.

00:04:55:12 - 00:04:56:07
Naomi Buckwalter
And it's unfortunate.

00:04:56:20 - 00:05:18:13
Monica Verma
Right? I mean, because, of course, absolutely. The point really is correct that there is something known as talent. Right. Some people are talented, some people are intelligent. They have different IQs, they’ve different EQs. But then there is skillsets. There is a skill set. And it's not just talent. Cybersecurity is definitely an industry which requires skill, and you can learn that skill.

00:05:18:16 - 00:05:45:02
Monica Verma
It's not something that, as you say, it can can be learned in a shorter period of time or a longer period time, depending on who you are as a person, dedication and there are a lot of aspects and factors there, but I see that I mean, I talk a lot about this as well. It is a skill set. So why are people so confused in that expectation of we need people just in the higher positions because you're not as you said, they are not going to just jump into it.

00:05:45:02 - 00:05:57:03
Monica Verma
And if you look at long term as well, if we only concentrate on having just mid or senior positions, where do we stand in five, ten, 20 years?

00:05:57:03 - 00:05:58:14
Naomi Buckwalter
Then we’ll be in the same place.

00:05:58:14 - 00:06:19:04
Monica Verma
Exactly. We're not going forward. Exactly. We're not going forward anywhere. But then on the other hand. So. Absolutely right. That makes total sense. On the other hand, though, companies are still struggling. I mean, the struggle is real, even though the problem is not exactly what we seem to be as you said it, it's not a really problem that we don't have talent.

00:06:19:18 - 00:06:30:00
Monica Verma
It's just that we're not finding or looking for the right people. We aren’t grooming them. We're not investing in them. But why are the organizations still struggling though? Why do we have this gap?

00:06:30:15 - 00:06:49:03
Naomi Buckwalter
Yeah, organizations see security as a cost center. It's kind of just the way it's always been. They don't really see the benefits of having security professionals do more than the basics, right? They're like, oh, we we didn't get rich today. Great. You know, you still have a job. But what they're not seeing is that security is really risk management.

00:06:49:03 - 00:07:17:14
Naomi Buckwalter
And if they don't understand risk, they really should not be a successful business. All businesses have risk. The idea now is for a security professional to come in and show the business what kind of security risks might be out there and then work with the business to find that acceptable level of risk. So risk management, and that's really where the business needs to understand that it's not just data that could be stolen, people's livelihoods are at stake.

00:07:17:14 - 00:07:52:00
Naomi Buckwalter
Like we just had that colonial pipeline ransomware attack. Like people's people's lives are being impacted, civilian lives are being affected. This is an actual war like it's an invisible war, but people's lives are being impacted and it's just going to get worse. So companies have to realize that they have a responsibility in everything that they do. So if the companies were to hire more security professionals, we would end up seeing a lot more of these entry level folks getting hired just because more money will be placed into the hands of the security teams for them to make those better decisions.

00:07:52:09 - 00:08:14:23
Naomi Buckwalter
So instead of having security teams rely on automation and tools, which, by the way, not everything single, not every single company will have the ability to do that because what is it, 99.7% of all businesses, at least in America, are small and midsize. That is fewer than 500 employees. But 43% of all breaches occur for SMB small and midsize businesses.

00:08:14:23 - 00:08:33:02
Naomi Buckwalter
So there is a disconnect here. Some companies just don't understand what they don't know. Like they don't know that they need to hire security people. They're just saying, oh, we're too small to be hacked. No one's going to ever want to hack us. Well, that's really untrue. Like, if you're on the Internet and you have a public facing presence, like people are going to be interested in you for a number of reasons.

00:08:33:08 - 00:08:50:24
Naomi Buckwalter
So companies that think that they're just not a target or they just don't feel like they need to spend money on security, they're going to be the ones that you're going to have that rude awakening. Monica they're going to wake up one day and they're going to say, Oh my gosh, our entire database is out there for the public to see.

00:08:50:24 - 00:09:16:19
Naomi Buckwalter
And now we have not only fines to pay, but our customers have lost trust in us and we are just sinking money now. And so, now it's a little too late to start throwing money into the security team because guess what? Like it's already happened, you already been popped. So companies need to put more money into security and realize that it's not a cost center, more of a risk management center like you focus on the risk management part of it, not the fact that, oh, that money isn't spent in a good way.

00:09:16:19 - 00:09:22:03
Naomi Buckwalter
Like that's actually it is being spent in a good way. Let's look at it. Think critically here.

00:09:22:22 - 00:09:51:07
Monica Verma
Absolutely right. And that makes total sense because cybersecurity at the end of the day is: What are we doing in cybersecurity is kind of like different controls to manage risks connected to the cyber world. That's basically what it is, what it boils down to, risk management. Nonetheless, there's one other thing that I want to talk about, because we talk a bit about talent supply demand in organizations struggle to really understand this as the cost center versus our risk management center,

00:09:51:07 - 00:10:15:12
Monica Verma
as you say. One other thing that I have experienced quite a lot, and as I said, the journey we have come from I come from a hacker background, I come from a very technical background. But now I've been in leadership roles for many years, seven plus years. And in my leadership roles, I have learned one key thing is to sometimes to do, sometimes to change your thinking.

00:10:15:12 - 00:10:34:16
Monica Verma
You need the mindset, right? You need to understand the business and you to understand the risk. We need that mindset. So even though I come from a technical background, I had to leave some of the thinking to embrace something which was new and different from a technical perspective, and to embrace the business, to embrace a different aspect of people, process and technology.

00:10:36:00 - 00:11:04:14
Monica Verma
But at the same time, we see the struggle that a lot of people say so many times, you cannot be in cybersecurity if you're not a technical expert. And to me, that makes no sense. I mean, yes, you need to understand and have some technology understanding, obviously. But why do you feel that people are so hellbent on ensuring that only technical expert people come into cybersecurity?

00:11:04:14 - 00:11:05:17
Monica Verma
What's that really about?

00:11:06:06 - 00:11:25:11
Naomi Buckwalter
Yeah, I mean, I get that we need a certain level of understanding of technology when people say like, you cannot start in cybersecurity without being a technical expert. That's where I disagree. I'm like, Actually, you can start in cybersecurity. You don't have to be an expert at anything. You can have a real great interest in something. Like, when I got started, I knew nothing about security.

00:11:25:11 - 00:11:46:14
Naomi Buckwalter
I didn't have any certs, I didn't have any degrees in security. I just knew how to write computer programs. So that was it. That was my thing. And then moving from that into application security, now how to secure programs, it's kind of the same thing. If you have an interest or you have a technical background in something that's tangentially related, you can always move into security because security is everyone's responsibility anyway.

00:11:46:19 - 00:12:06:01
Naomi Buckwalter
You're just doing more of it. So take any role in any organization. There will be an aspect to your job that requires you to do some security, like you choose a password that is unique and a passphrase as like 17 characters long range. And like those are the things that everyone should know how to do. Unfortunately, that's not something everyone knows.

00:12:06:01 - 00:12:23:23
Naomi Buckwalter
That's their job. Security is everyone's job, and therefore you can't have the same. So you can't be like, Oh yeah, security's everyone's job. Oh, and by the way, security can only be done by people who are technical experts. Like that doesn't make any sense. Like how are you going to get people who in their day to day jobs aren't security professionals?

00:12:24:04 - 00:12:36:17
Naomi Buckwalter
How are you going to tell them? Like, All right, yeah, security is your job. Oh, by the way, you have to be a technical expert at the same time. Like that doesn't make any sense. So if security is everyone's job, yes, we will have people who have to just do the basics and that's going to be their job.

00:12:36:17 - 00:12:59:05
Naomi Buckwalter
That's totally fine. We also need the security professionals who have to be experts in some things, not all the things. And there's different domains. You can do GRC, you can do vulnerability management, you can do all the different things that don't really need hands on keyboard, ten years, experience doing things, setting up racks. Well, you don't have to do all that in order to get your be a cybersecurity professional.

00:12:59:14 - 00:13:21:06
Naomi Buckwalter
There's no reason why you need a full time IT professional experience and maybe that was true 20 years ago, but cybersecurity is now broader. I like to say I use the term loosely. It's not really cybersecurity. It's information security. Information security carries a breadth of domains. And if we just start focusing, it's like, oh, no, it's just the security of IT.

00:13:21:07 - 00:13:33:00
Naomi Buckwalter
Assets like that is one part of security information security. IT security is a subset of information security, but information security as a whole. No, you do not need to be an IT Expert at all.

00:13:33:16 - 00:13:58:04
Monica Verma
Absolutely. I totally share that opinion because as you say, what was different between, what’s different from 20 years and today is that we talked IT security and we talked very much application and technical coding and secure coding and very few subsets within IT Security. That was what was there. It was hacking and it was very technical. But now we have gone to a point,

00:13:58:04 - 00:14:19:02
Monica Verma
We have this much broader information security but so much subfields inside it that there is a place for everyone and we are not utilizing we're not really encouraging people to get into this information security field. Yes, you do need technology knowledge and understanding because ultimately it's about people, process and technology, but you don't need to be an expert. Absolutely.

00:14:19:02 - 00:14:43:10
Monica Verma
Hundred percent. So what would you say from a both talent perspective and the organization perspective, what would be your key recommendations to help reduce that this talent or demand gap? What would you recommend to people who want to get in or even want to progress and go to leadership. And what would you recommend to organizations that want to hire?

00:14:43:20 - 00:15:00:10
Naomi Buckwalter
Yeah, I mean, the whole axiom of networking is completely true, especially in cybersecurity. It's really about who you know and who will vouch for you. So if you're looking for a job in cybersecurity, you're looking to break in, you start you need to start building your network of people who will go to bat for you. Like that is number one.

00:15:00:21 - 00:15:17:23
Naomi Buckwalter
You can build all you can have a great resume, but if nobody will go to bat for you, you literally will never get in front of a hiring manager. So you need somebody that’d actually vouch for you. So put out your information out there like be visible on places like LinkedIn and Twitter and get people to know you.

00:15:17:24 - 00:15:39:03
Naomi Buckwalter
Get people to see you as a human with skills and talents and not you're not just a piece of paper right beyond your two dimensional bounds of your resume. Now, for the hiring managers, on the other hand, and here is where my site is, I want the hiring managers to understand that they don't need the unicorn. They don't need somebody with ten years of experience in X, Y and Z before they can join your team.

00:15:39:07 - 00:16:00:18
Naomi Buckwalter
You can take them as they are full of talent, critical thinking skills, emotional intelligence, empathy, soft skills, human skills, whatever you want to call them. Those are the things you can't teach. What you can teach are things that you like you learned yourself. So cybersecurity things, security principles, the OCI model like these are things that are freely available resources out there on the Internet.

00:16:00:21 - 00:16:21:12
Naomi Buckwalter
Anyone can learn them. You have to just get over yourself hiring manager and know that your job can be done by anyone with the right basics, which is just critical thinking and communication, emotional intelligence. Those are the basics that you need. You don't need the fact that you know how an operating system works. You don't need that. And you need to admit to yourself that it's not that difficult to learn.

00:16:21:21 - 00:16:40:03
Naomi Buckwalter
Our jobs are difficult because we need to balance the needs of security with the business needs. That's what makes it difficult. There's politics involved. There's processes that people don't follow. Sometimes that's what makes our job hard. Now, how do we fix that? We need the right people who can communicate with the business and who speak the language of people, normal people.

00:16:40:08 - 00:17:01:11
Naomi Buckwalter
You will never get that with the cohort that we have now, which are like the people who just talk technical and just have, you know, the ability to talk to machines like that is not what we need. We need a broader and this comes in to the diversity thing, Monica Like we need so many different people just because there's people, there are so many different kinds of people that we need to talk to, like the businesses, not just technical folks.

00:17:01:17 - 00:17:19:23
Naomi Buckwalter
They're not just computer folks. They're marketing sales, you know, finance operations. Those are the folks that we need to talk to. Therefore, we need to hire people who can talk like them. So we can't just all be one kind of group with this technical, nerdy kind of group. Like we were terrible at talking to people. So I'm rambling a little bit, but that's the goal.

00:17:20:05 - 00:17:39:10
Naomi Buckwalter
The hiring managers need to get over themselves, realize that security is everyone's responsibility and therefore you need to hire everybody, literally as many people as you can. They don't need to be full time security professionals, but you need to teach and train and give them tools and resources for them to be successful as they're in their job, in their role.

00:17:39:15 - 00:17:42:22
Naomi Buckwalter
But adding security on top of that, because security is everyone's responsibility.

00:17:43:08 - 00:18:02:03
Monica Verma
Absolutely. And talking what experience when hiring managers want to hire somebody for a one or two year entry level position with ten years of experience, it reminds me of one quote that my father used to tell me and something I learned from him. And I say that not all the time is that you will get two years of three years of experience

00:18:02:03 - 00:18:28:04
Monica Verma
in three years. You will get ten years of experience in ten years. You will never get ten years of experience in one year. Well, if you did, you would still only have one year of experience and which in ten years would be very different. Right. So you have to understand this aspect of that. We put in this unrealistic expectations of people at entry level position need to have all the experience without investing in them.

00:18:28:04 - 00:18:52:22
Monica Verma
So absolutely 100% but you said something here that I want to, you touched something here that I want to pick up on, which is diversity. When we talk about diversity, equity and inclusion, this is my biggest struggle that I at least understand, and I want to hear your thoughts on it. On one hand, I obviously don't want, as a woman, as a minority, as a brown woman, to get a job because of those reasons.

00:18:52:22 - 00:19:16:07
Monica Verma
At the same time, I'm not a German CISO, I'm not an Indian Ethnic CISO. I'm not a female CISO. I'm a CISO, but on the other hand, at the same time, we want to talk about and we need to talk about representation. We need to talk about diversity and inclusion. For me, these are not mutually exclusive, but at the same time we see the struggle in the industry where people are either so pro or one side or the other side.

00:19:16:10 - 00:19:32:05
Monica Verma
They're like, either you talk about diversity and then you can’t be saying that you're not a female CISO or if you say you're you a CISO and not a female CISO so you can't be talking about female equity or equity in general in industry, and I just don't get that. What are your experiences? What struggles have you seen?

00:19:33:14 - 00:19:59:12
Naomi Buckwalter
I agree with you. I think that we need to have a broader conversation and just normalized language of not having to say female CISO, you know, being like, oh, you have to say female CISO, otherwise you're you're not a feminist or whatever. Like it's just so confusing. The whole idea is like, we're in female bodies, but that is all like we're essentially souls having like a female experience for all my female listeners out here.

00:19:59:12 - 00:20:29:04
Naomi Buckwalter
But same thing with men like their souls that are not gendered, but they're in male bodies. So the idea is like, let's see ourselves as souls first, which we all are. And therefore, if we can see ourselves as like spiritual beings, like, you know, everyone kind of knows that there's something going on with consciousness or something. If we're a conscious being, having an experience within a physical body and it just so happens to be a brown body or a white body or a female body or male body.

00:20:29:15 - 00:20:50:21
Naomi Buckwalter
That's what's really holding us back from having the real conversation of like, how are our spiritual selves being brought into a larger conversation of like helping, insecurity or being a security professional? Because that's what really is. It's just labels at this point. We're not really seeing ourselves for ourselves. We never see past what we see in the mirror right in front of us.

00:20:50:21 - 00:21:12:00
Naomi Buckwalter
Like, I don't know if this even answers the question, but this is where I am in my life right now is you really need to see people as their consciousness or as their spiritual self, because once you do that, you realize the labels that we put each other in are just holding us back. And so that's what's happening in our industry, where we're trying to put each other in a bucket and be like, Oh, we need to hire more for this or hire more for that.

00:21:12:07 - 00:21:31:02
Naomi Buckwalter
But we're not really understanding that those are just the containers of ourselves right now. Like that influences our identity to an extent. But the larger extent is like our souls, our consciousness and our our our being like our ability to to affect other humans in a good or bad way and that is what I wish other people could see, too.

00:21:31:02 - 00:21:36:24
Naomi Buckwalter
It's not just the containers we are in, it's more of the spiritual side. I know. So crazy.

00:21:37:19 - 00:21:40:14
Monica Verma
No, I mean, ultimately it's all consciousness and we are.

00:21:40:14 - 00:21:41:03
Naomi Buckwalter
All conscious.

00:21:41:03 - 00:22:05:24
Monica Verma
utilizing...Yes, it is and we are talking about utilizing what skill sets do we have, what what talent we are putting to use, what opportunities we provide, flavors of opportunities independent of any kind of label. But that's the point. What I struggle with is that we do need to have this conversations not because I am a female CISO, but because we need to have better representation in the organization, in the society.

00:22:06:07 - 00:22:25:15
Monica Verma
And one of the things I, I have seen and I totally believe in is innovation through inclusion or progress through inclusion. So. And why do I think that? I mean, touching on the topic that you’re saying it's more about not just diversity in what we see, but also diversity in what we hear. To me, that makes total sense.

00:22:26:09 - 00:22:39:17
Monica Verma
Why is it so hard for people to understand that we need to really have different kind of ideas and talent and skillset independent of labels? How what does innovation through inclusion mean for you?

00:22:40:20 - 00:23:04:18
Naomi Buckwalter
Oh, yes, it's looking beyond those, I call them the lazy labels, where we've got skin color and gender like those to me are the lazy labels. There's a whole other set of criteria that we can, like, talk about because we don't we don't really talk about, you know, background, education. You're your, you know, where you grew up, kind of like in the middle class or the upper class.

00:23:04:18 - 00:23:26:07
Naomi Buckwalter
You know, we don't talk about that because all of that brings identities and characteristics and personalities that you won't get if you're always hiring the same kind of person. And yes, you're going to end up with the same you know, I'm not really answering this question right but I'll tell you a story. Like I was at a company called Vanguard, very large mutual fund giant.

00:23:26:14 - 00:23:49:06
Naomi Buckwalter
And here's the thing. I had plenty of diversity, had plenty of different skin colors and ethnicities and nationalities and different genders and great, it’s looks great. But the problem was, everyone thought the exact same way, like it was very interesting to see. So even having a fully diverse staff in like you have plenty of representation through all the different levels and it looks wonderful.

00:23:49:06 - 00:24:07:02
Naomi Buckwalter
Monica It really did. But the whole problem was not a lot got done just because everyone thought the same way. Everyone was in the same echo chamber. They would just say, Oh yeah, yeah, yeah, that's exactly what we need to do. Because they were afraid of stepping outside and being that that different voice and just saying, here is what I'm really seeing.

00:24:07:02 - 00:24:25:04
Naomi Buckwalter
The problem is no one's willing to you like disagree with one another. They're all just like, oh yeah, everyone, everything is great, you know. But there are so many problems, there's so many hidden problems because of that. And even if we achieve our goals of diversity, Monica, I don't know if we'll ever get to the root of the problem, which is like diversity of thoughts.

00:24:25:11 - 00:24:49:01
Naomi Buckwalter
It's like the ability to just say the truth and have everybody understand like, oh, you know, maybe we can think about this critically and not this problem. And yeah, maybe the way that we've been doing it is completely wrong. Like, we need people to take us outside of that box like we've been thinking about the entire time. No matter what person that person looks like, whatever their skin color is or their gender like, I think it's the diversity of thought that we need desperately.

00:24:49:09 - 00:24:54:14
Naomi Buckwalter
And it's not the fact that we don't have enough representation in certain buckets. The lazy labels that I say.

00:24:55:19 - 00:25:20:03
Monica Verma
Makes total sense. I mean, innovation to me requires change. And change can only come when you embrace diversity of ideas and diversity of opinions. Absolutely hundred percent. So let's start wrapping up the episode. I think we've had really amazing conversations. I've had fun. What would be your key message talking about all this talent gap demands and diversity inclusion?

00:25:20:03 - 00:25:29:15
Monica Verma
What would be a key message to people that are looking to either break into cybersecurity or break into leadership? And your key message to organizations?

00:25:30:13 - 00:25:48:01
Naomi Buckwalter
Yeah, for sure. So key message to people trying to break in, don't give up. It's it's worth the struggle. You're going to struggle for sure. There's plenty of people out there who are looking for jobs and, you’r no different. You just need to think critically about what you are trying to do and how you can get there easily.

00:25:48:01 - 00:26:06:16
Naomi Buckwalter
So network with people, put your thoughts out there so people can consume, bring value to others. Because when you start doing that, you'll start noticing something happen. People come to you, you don't have to apply for jobs. You'll see the recruiters come to you like, Hey, hey, I saw you post about something. And that's a really interesting article you wrote about that one thing.

00:26:06:22 - 00:26:21:07
Naomi Buckwalter
Let me just talk to you about this role that we have, but you'll notice that that happens all the time for the hiring managers and the companies that are looking to hire the unicorns. I say think critically about why you want to do that. Is it because you want someone with immediate ROI or are you looking at the bigger picture?

00:26:21:07 - 00:26:42:12
Naomi Buckwalter
Are you looking to grow somebody into the security professional that you want and therefore have a whole like a whole cohort, an army of security professionals that would be way better than just that one person who's going to be overworked and understaffed, or you don't want that person to quit on you because you need a sustainable security person.

00:26:43:02 - 00:27:02:01
Naomi Buckwalter
They're just going to look at you like this happens. So do do us all a favor. Think critically about why you do certain things and then realize that maybe the way that we've been doing things all along have been wrong. So we're evolving as a security community. We're evolving as an industry. Now it's time for everyone to realize that we have to grow up now.

00:27:02:09 - 00:27:11:09
Naomi Buckwalter
It is not just about the way we've been doing things because look at the news, everyone, things are happening out there and we are helpless to stop it. The cybercriminals are winning.

00:27:11:22 - 00:27:24:16
Monica Verma
Mm hmm. Absolutely. And you touched on something about culture, and I believe that's a whole episode in itself. We should take it in the next episode at some point. But that was lovely, Naomi. It was lovely to have you on the show today. Thank you so much for that.

00:27:24:16 - 00:27:25:03
Naomi Buckwalter
Thank you so much.

00:27:25:04 - 00:27:44:14
Monica Verma
That was today's episode where we talked with Naomi Buckwalter today about talent gap or demand gap, diversity, inclusion, equity in cybersecurity, how important that is, what are the struggles that we're seeing and what we can really do about it. I hope you enjoyed the show. I had really fun talking to Naomi. Thank you again. And we'll talk very soon.

00:27:44:20 - 00:27:50:05
Monica Verma
Until then, make sure you tune into the podcast show. I'll talk to you very soon. Take care and stay safe.